diff --git a/docs/admin/auth-server/authz-details/README.md b/docs/admin/auth-server/authz-details/README.md
index 655fe514cd5..150f238f507 100644
--- a/docs/admin/auth-server/authz-details/README.md
+++ b/docs/admin/auth-server/authz-details/README.md
@@ -140,7 +140,7 @@ X-Xss-Protection: 1; mode=block
 "scope": "openid",
 "client_secret": "1af17da1-57a3-416b-a358-c84bb0ef0fad",
 "client_id_issued_at": 1702922353,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "jans test app",
 "par_lifetime": 600,
diff --git a/docs/admin/auth-server/endpoints/authorization-challenge.md b/docs/admin/auth-server/endpoints/authorization-challenge.md
index 8de6bea5355..ad6433c957c 100644
--- a/docs/admin/auth-server/endpoints/authorization-challenge.md
+++ b/docs/admin/auth-server/endpoints/authorization-challenge.md
@@ -386,7 +386,7 @@ X-Xss-Protection: 1; mode=block
 "scope": "openid",
 "client_secret": "f6364c5c-295d-4e6e-bb40-6ad3a47b2119",
 "client_id_issued_at": 1691668385,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "jans test app",
 "par_lifetime": 600,
@@ -679,7 +679,7 @@ X-Xss-Protection: 1; mode=block
 "scope": "openid",
 "client_secret": "f921c89c-57f0-4a91-baaa-036a4a22737b",
 "client_id_issued_at": 1691668622,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "jans test app",
 "par_lifetime": 600,
diff --git a/docs/admin/auth-server/endpoints/client-registration.md b/docs/admin/auth-server/endpoints/client-registration.md
index c4c5a029eba..62ac781f01d 100644
--- a/docs/admin/auth-server/endpoints/client-registration.md
+++ b/docs/admin/auth-server/endpoints/client-registration.md
@@ -79,7 +79,7 @@ in example below:
 "scope": "profile work_phone phone user_name device_sso openid permission uma_protection address email clientinfo org_name offline_access https://jans.io/auth/ssa.portal test https://jans.io/auth/ssa.admin https://jans.io/auth/ssa.developer",
 "client_secret": "4148f812-92d6-4245-80e0-243524b3b6a4",
 "client_id_issued_at": 1678700818,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "my.jans.client",
 "par_lifetime": 600,
diff --git a/docs/admin/auth-server/oauth-features/mtls.md b/docs/admin/auth-server/oauth-features/mtls.md
index 93dbbc7e69f..ac6e308f4ee 100644
--- a/docs/admin/auth-server/oauth-features/mtls.md
+++ b/docs/admin/auth-server/oauth-features/mtls.md
@@ -551,7 +551,7 @@ Response:
 "scope": "email openid profile",
 "client_secret": "e1c9e9df-e542-4225-adb4-d0590f85d97d",
 "client_id_issued_at": 1698114939,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "Test Client mTLS",
 "par_lifetime": 600,
diff --git a/docs/admin/auth-server/oauth-features/pkce.md b/docs/admin/auth-server/oauth-features/pkce.md
index a4470114d90..4d8ff11a1aa 100644
--- a/docs/admin/auth-server/oauth-features/pkce.md
+++ b/docs/admin/auth-server/oauth-features/pkce.md
@@ -161,7 +161,7 @@ Connection: close
 "scope": "email openid profile",
 "client_secret": "a656a654-c930-4b52-9edb-68ead50d046e",
 "client_id_issued_at": 1700261473,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "PKCE Test Client",
 "par_lifetime": 600,
diff --git a/docs/admin/config-guide/config-tools/curl-guide.md b/docs/admin/config-guide/config-tools/curl-guide.md
index 4a4b889644b..f0a4a8bf575 100644
--- a/docs/admin/config-guide/config-tools/curl-guide.md
+++ b/docs/admin/config-guide/config-tools/curl-guide.md
@@ -103,7 +103,7 @@ If client is created successfully, response similar to below will be received:
 "scope": "openid profile permission https://jans.io/auth/ssa.portal uma_protection work_phone phone address test https://jans.io/auth/ssa.admin user_name email clientinfo device_sso org_name https://jans.io/auth/ssa.developer offline_access",
 "client_secret": "da4c17de-b6bc-4f25-b642-4c7b887c7860",
 "client_id_issued_at": 1672221633,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "par_lifetime": 600,
 "spontaneous_scopes": [],
diff --git a/docs/assets/log/authorization-details-run-log.txt b/docs/assets/log/authorization-details-run-log.txt
index d9cad9f0c77..ef31df97e17 100644
--- a/docs/assets/log/authorization-details-run-log.txt
+++ b/docs/assets/log/authorization-details-run-log.txt
@@ -174,7 +174,7 @@ X-Xss-Protection: 1; mode=block
 "scope": "openid",
 "client_secret": "1af17da1-57a3-416b-a358-c84bb0ef0fad",
 "client_id_issued_at": 1702922353,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "jans test app",
 "par_lifetime": 600,
diff --git a/docs/assets/log/tx-token-replace-run-log.txt b/docs/assets/log/tx-token-replace-run-log.txt
index 047e45a6706..cf294ac001e 100644
--- a/docs/assets/log/tx-token-replace-run-log.txt
+++ b/docs/assets/log/tx-token-replace-run-log.txt
@@ -176,7 +176,7 @@ X-Xss-Protection: 1; mode=block
 "scope": "openid",
 "client_secret": "cdbd420d-5f15-4031-9081-878a47a7822d",
 "client_id_issued_at": 1705054752,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "tx token test",
 "par_lifetime": 600,
diff --git a/docs/assets/log/tx-token-request-run-log.txt b/docs/assets/log/tx-token-request-run-log.txt
index cd0f3ac1288..08c85221b71 100644
--- a/docs/assets/log/tx-token-request-run-log.txt
+++ b/docs/assets/log/tx-token-request-run-log.txt
@@ -176,7 +176,7 @@ X-Xss-Protection: 1; mode=block
 "scope": "openid",
 "client_secret": "9a62ce88-e35f-4516-9724-1437b07bccb2",
 "client_id_issued_at": 1705054359,
- "backchannel_logout_uri": [],
+ "backchannel_logout_uri": "",
 "backchannel_logout_session_required": false,
 "client_name": "tx token test",
 "par_lifetime": 600,
diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/RegisterRequest.java b/jans-auth-server/client/src/main/java/io/jans/as/client/RegisterRequest.java
index bb51fd18f31..48c8480e895 100644
--- a/jans-auth-server/client/src/main/java/io/jans/as/client/RegisterRequest.java
+++ b/jans-auth-server/client/src/main/java/io/jans/as/client/RegisterRequest.java
@@ -74,7 +74,7 @@ public class RegisterRequest extends BaseRequest {
 private final LocalizedString tosUri;
 private String frontChannelLogoutUri;
 private Boolean frontChannelLogoutSessionRequired;
- private List backchannelLogoutUris;
+ private String backchannelLogoutUri;
 private Boolean backchannelLogoutSessionRequired;
 private String jwksUri;
 private String jwks;
@@ -303,12 +303,22 @@ public void setAccessToken(String registrationAccessToken) {
 this.registrationAccessToken = registrationAccessToken;
 }
- public List getBackchannelLogoutUris() {
- return backchannelLogoutUris;
+ /**
+ * Returns backchannel logout uri
+ *
+ * @return backchannel logout uri
+ */
+ public String getBackchannelLogoutUri() {
+ return backchannelLogoutUri;
 }
- public void setBackchannelLogoutUris(List backchannelLogoutUris) {
- this.backchannelLogoutUris = backchannelLogoutUris;
+ /**
+ * Sets backchannel logout uri
+ *
+ * @param backchannelLogoutUri backchannel logout uri
+ */
+ public void setBackchannelLogoutUri(String backchannelLogoutUri) {
+ this.backchannelLogoutUri = backchannelLogoutUri;
 }
 public Boolean getBackchannelLogoutSessionRequired() {
@@ -1827,7 +1837,7 @@ public static RegisterRequest fromJson(JSONObject requestObject) throws JSONExce
 result.setMinimumAcrPriorityList(extractListByKey(requestObject, MINIMUM_ACR_PRIORITY_LIST.toString()));
 result.setFrontChannelLogoutUri(requestObject.optString(FRONT_CHANNEL_LOGOUT_URI.toString()));
 result.setFrontChannelLogoutSessionRequired(requestObject.optBoolean(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
- result.setBackchannelLogoutUris(extractListByKey(requestObject, BACKCHANNEL_LOGOUT_URI.toString()));
+ result.setBackchannelLogoutUri(requestObject.optString(BACKCHANNEL_LOGOUT_URI.toString()));
 result.setBackchannelLogoutSessionRequired(requestObject.optBoolean(BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
 result.setAccessTokenLifetime(integerOrNull(requestObject, ACCESS_TOKEN_LIFETIME.toString()));
 result.setParLifetime(integerOrNull(requestObject, PAR_LIFETIME.toString()));
@@ -2106,8 +2116,8 @@ public void getParameters(BiFunction function) {
 if (frontChannelLogoutSessionRequired != null) {
 function.apply(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), frontChannelLogoutSessionRequired.toString());
 }
- if (backchannelLogoutUris != null && !backchannelLogoutUris.isEmpty()) {
- function.apply(BACKCHANNEL_LOGOUT_URI.toString(), toJSONArray(backchannelLogoutUris));
+ if (backchannelLogoutUri != null && !backchannelLogoutUri.isEmpty()) {
+ function.apply(BACKCHANNEL_LOGOUT_URI.toString(), backchannelLogoutUri);
 }
 if (backchannelLogoutSessionRequired != null) {
 function.apply(BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString(), backchannelLogoutSessionRequired.toString());
diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/client/RegisterRequestTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/client/RegisterRequestTest.java
index 860a1cf1ac0..7322770ff9d 100644
--- a/jans-auth-server/client/src/test/java/io/jans/as/client/client/RegisterRequestTest.java
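Review bot: In the fromJson hunk, `optString` returns the text form of any non-string value, so a request that still sends `backchannel_logout_uri` as a JSON array (the shape accepted before this change) is read as one bracketed literal instead of being rejected or unwrapped. That literal then flows into whatever validation and storage follow, which are not visible here. A type check keeps the contract explicit: `Object bclUri = requestObject.opt(BACKCHANNEL_LOGOUT_URI.toString());` followed by `result.setBackchannelLogoutUri(bclUri instanceof String ? (String) bclUri : null);`, with the caller answering `invalid_client_metadata` for any other type. fromJson's body starts and ends outside the hunk.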
+++ b/jans-auth-server/client/src/test/java/io/jans/as/client/client/RegisterRequestTest.java
@@ -14,8 +14,6 @@
 import org.json.JSONObject;
 import org.testng.annotations.Test;
-import java.util.List;
-
 import static org.testng.Assert.assertEquals;
 /**
@@ -61,12 +59,12 @@ public void getJSONParametersForAdditionalAudienceShouldReturnCorrectValue() {
 @Test
 public void getJSONParameters_forBackchannelLogoutUri_shouldReturnCorrectValue() {
- final List value = Lists.newArrayList("https://back.com/b1", "https://back.com/b2");
+ final String value = "https://back.com/b1";
 RegisterRequest request = new RegisterRequest();
- request.setBackchannelLogoutUris(value);
+ request.setBackchannelLogoutUri(value);
- assertEquals(value, request.getJSONParameters().getJSONArray(RegisterRequestParam.BACKCHANNEL_LOGOUT_URI.getName()).toList());
+ assertEquals(value, request.getJSONParameters().optString(RegisterRequestParam.BACKCHANNEL_LOGOUT_URI.getName()));
 }
 @Test
diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/RegistrationRestWebServiceHttpTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/RegistrationRestWebServiceHttpTest.java
index 89819cb6421..0e6f91dff38 100644
--- a/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/RegistrationRestWebServiceHttpTest.java
+++ b/jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/RegistrationRestWebServiceHttpTest.java
@@ -157,7 +157,7 @@ public void requestClientAssociate2(final String redirectUris, final String sect
 registerRequest.setRequestUris(Arrays.asList("http://www.gluu.org/request"));
 registerRequest.setFrontChannelLogoutUri(logoutUri);
 registerRequest.setFrontChannelLogoutSessionRequired(true);
- registerRequest.setBackchannelLogoutUris(Lists.newArrayList(logoutUri));
+ registerRequest.setBackchannelLogoutUri(logoutUri);
 registerRequest.setBackchannelLogoutSessionRequired(true);
 registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS512);
 registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterJsonService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterJsonService.java
index dbd79438e0c..c1a73c7d956 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterJsonService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterJsonService.java
@@ -154,7 +154,7 @@ public JSONObject getJSONObject(Client client) throws JSONException, StringEncry
 // Logout params
 Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_URI.toString(), client.getFrontChannelLogoutUri());
 Util.addToJSONObjectIfNotNull(responseJsonObject, FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getFrontChannelLogoutSessionRequired());
- Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_URI.toString(), client.getAttributes().getBackchannelLogoutUri());
+ Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_URI.toString(), client.getAttributes().getBackchannelLogoutUri().iterator().next());
 Util.addToJSONObjectIfNotNull(responseJsonObject, BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString(), client.getAttributes().getBackchannelLogoutSessionRequired());
 Util.addToJSONObjectIfNotNull(responseJsonObject, REDIRECT_URIS_REGEX.toString(), client.getAttributes().getRedirectUrisRegex());
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterService.java
index 7de5732d695..77dbb2163ac 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/RegisterService.java
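Review bot: The added `getBackchannelLogoutUri().iterator().next()` throws NoSuchElementException when the stored list is empty and NullPointerException when it is null, and it runs before `addToJSONObjectIfNotNull` can apply its null guard. The documentation examples updated in this same commit show clients with no backchannel logout URI, so building the registration response for such a client would likely fail instead of leaving the value out. Guard the lookup, assuming the attribute is a `List<String>`: `List<String> bclUris = client.getAttributes().getBackchannelLogoutUri();` and pass `bclUris == null || bclUris.isEmpty() ? null : bclUris.iterator().next()` as the value. Clients already stored with several URIs will have only the first one reported, which deserves a comment on this line. getJSONObject's body starts and ends outside the hunk.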
@@ -388,8 +388,8 @@ public void updateClientFromRequestObject(Client client, RegisterRequest request
 }
 client.setFrontChannelLogoutSessionRequired(requestObject.getFrontChannelLogoutSessionRequired());
- if (requestObject.getBackchannelLogoutUris() != null && !requestObject.getBackchannelLogoutUris().isEmpty()) {
- client.getAttributes().setBackchannelLogoutUri(requestObject.getBackchannelLogoutUris());
+ if (requestObject.getBackchannelLogoutUri() != null && !requestObject.getBackchannelLogoutUri().isEmpty()) {
+ client.getAttributes().setBackchannelLogoutUri(Lists.newArrayList(requestObject.getBackchannelLogoutUri()));
 }
 client.getAttributes().setBackchannelLogoutSessionRequired(requestObject.getBackchannelLogoutSessionRequired());
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java
index 73b2b4ee632..2408d529a77 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/register/ws/rs/action/RegisterCreateAction.java
@@ -129,7 +129,7 @@ public Response createClient(String requestParams, HttpServletRequest httpReques
 registerValidator.validateCiba(r);
 registerParamsValidator.validateLogoutUri(r.getFrontChannelLogoutUri(), r.getRedirectUris(), errorResponseFactory);
- registerParamsValidator.validateLogoutUri(r.getBackchannelLogoutUris(), r.getRedirectUris(), errorResponseFactory);
+ registerParamsValidator.validateLogoutUri(r.getBackchannelLogoutUri(), r.getRedirectUris(), errorResponseFactory);
 String clientsBaseDN = staticConfiguration.getBaseDn().getClients();
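Review bot: In the createClient hunk, the backchannel check now resolves to the `validateLogoutUri` overload that takes a String, the same one used for the front-channel URI on the line above, and that overload's body is not part of this diff. The authorization server itself sends the logout token to this URL, so it is worth confirming that the String overload enforces the same scheme and host rules the list overload did. The client-update path is not shown here and should run the same check. A short comment such as `// backchannel URI is called server-side: must pass the same checks as before the List -> String change` would record the intent. createClient's body starts and ends outside the hunk.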
diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/ws/rs/EndSessionBackchannelRestServerTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/ws/rs/EndSessionBackchannelRestServerTest.java
index 5b58d67186d..89791f7770e 100644
--- a/jans-auth-server/server/src/test/java/io/jans/as/server/ws/rs/EndSessionBackchannelRestServerTest.java
+++ b/jans-auth-server/server/src/test/java/io/jans/as/server/ws/rs/EndSessionBackchannelRestServerTest.java
@@ -18,7 +18,6 @@
 import io.jans.as.model.util.StringUtils;
 import io.jans.as.server.BaseTest;
 import io.jans.as.server.model.TClientService;
-import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.test.api.ArquillianResource;
 import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.testng.annotations.Parameters;
@@ -58,7 +57,7 @@ public void requestEndSessionStep1(final String redirectUris, final String postL
 io.jans.as.client.RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
 registerRequest.setResponseTypes(Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN));
 registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
- registerRequest.setBackchannelLogoutUris(Lists.newArrayList(postLogoutRedirectUri));
+ registerRequest.setBackchannelLogoutUri(Lists.newArrayList(postLogoutRedirectUri));
 registerRequest.addCustomAttribute("jansTrustedClnt", "true");
 registerResponse = TClientService.register(registerRequest, getApiTagetURL(url));
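Review bot: In requestEndSessionStep1 the new line still passes `Lists.newArrayList(postLogoutRedirectUri)` to `setBackchannelLogoutUri`, which this commit changes to take a String, so the test class should not compile as written. The call should be `registerRequest.setBackchannelLogoutUri(postLogoutRedirectUri);`, matching the change made in RegistrationRestWebServiceHttpTest. The first hunk of this file also drops the `RunAsClient` import; whether the annotation is still used further down is not visible here. requestEndSessionStep1 continues outside the hunk.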